IPv4 subnet shortcut matching.
This commit is contained in:
parent
9e951a378c
commit
5ee30535c4
|
@ -3,6 +3,7 @@ var {Permissions, Policy, Sites} = (() => {
|
|||
const SECURE_DOMAIN_PREFIX = "§:";
|
||||
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
|
||||
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
|
||||
const IPV4_RX = /^(?:\d+\.){1,3}\d+/;
|
||||
const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
|
||||
const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
|
||||
|
||||
|
@ -158,6 +159,7 @@ var {Permissions, Policy, Sites} = (() => {
|
|||
if (!hostname) return null;
|
||||
if (!tld.preserveFQDNs) hostname = tld.normalize(hostname);
|
||||
let secure = protocol === "https:";
|
||||
let isIPv4 = IPV4_RX.test(hostname);
|
||||
for (let domain = hostname;;) {
|
||||
if (this.has(domain)) {
|
||||
return domain;
|
||||
|
@ -168,13 +170,24 @@ var {Permissions, Policy, Sites} = (() => {
|
|||
return ssDomain;
|
||||
}
|
||||
}
|
||||
let dotPos = domain.indexOf(".");
|
||||
if (dotPos === -1) {
|
||||
break;
|
||||
}
|
||||
domain = domain.substring(dotPos + 1); // sub
|
||||
if (!domain) {
|
||||
break;
|
||||
|
||||
if (isIPv4) {
|
||||
// subnet shortcuts
|
||||
let dotPos = domain.lastIndexOf(".");
|
||||
if (!(dotPos > 3 || domain.indexOf(".") < dotPos)) {
|
||||
break; // we want at least the 2 most significant bytes
|
||||
}
|
||||
domain = domain.substring(0, dotPos);
|
||||
} else {
|
||||
// (sub)domain matching
|
||||
let dotPos = domain.indexOf(".");
|
||||
if (dotPos === -1) {
|
||||
break;
|
||||
}
|
||||
domain = domain.substring(dotPos + 1); // upper level
|
||||
if (!domain) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return null;
|
||||
|
|
|
@ -7,6 +7,9 @@
|
|||
p1.set("https://flashgot.net", p1.TRUSTED);
|
||||
p1.set("http://flashgot.net", p1.UNTRUSTED);
|
||||
p1.set("perchè.com", p1.TRUSTED);
|
||||
p1.set("10", p1.TRUSTED);
|
||||
p1.set("192.168", p1.TRUSTED);
|
||||
p1.set("192.168.69", p1.UNTRUSTED)
|
||||
let p2 = new Policy(p1.dry());
|
||||
debug("p1", JSON.stringify(p1.dry()));
|
||||
debug("p2", JSON.stringify(p2.dry()));
|
||||
|
@ -23,7 +26,10 @@
|
|||
() => !p1.can("http://secure.informaction.com"),
|
||||
() => p1.can("https://secure.informaction.com"),
|
||||
() => p1.can("https://www.secure.informaction.com"),
|
||||
() => !p1.can("https://192.168.69.1"),
|
||||
() => !p1.can("https://10.0.0.1"),
|
||||
() => p1.can("http://192.168.1.2"),
|
||||
]) Test.run(t);
|
||||
|
||||
|
||||
Test.report();
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue